Abstract

Static analysis by abstract interpretation aims at automatically proving properties of computer programs.
To do this, an over-approximation of program semantics, defined as the least fixpoint of a system
of semantic equations, must be computed. To enforce the convergence of this computation, a widening
operator is used, but it may lead to coarse results. We propose a new method to accelerate the
computation of this fixpoint by using standard techniques of numerical analysis. Our goal is to automatically
and dynamically adapt the widening operator in order to maintain precision.

Keywords: Abstract numerical domains, acceleration of convergence, widening operator. 

1 Introduction 

In the field of static analysis of embedded, numerical programs, abstract interpretation [SI [5] is widely used
to compute over-approximations of the set of behaviors of a program. This set is usually defined as the
least fixpoint of a monotone map on an abstract domain given by the (abstract) semantics of the program.
Using Tarski's theorem [18], this fixpoint is computed as the limit of the iterates of the abstract function
starting from the least element. These iterates build a sequence of abstract elements that (order theoretically)
converge towards the least fixpoint. Since this sequence often converges slowly (or even after infinitely many
steps), the theory of abstract interpretation introduces the concept of widening [9].

A widening operator is a two-argument function $\nabla$ which tries to predict the limit of the iterates
based on the relative position of two consecutive iterates. For example, the standard widening operator
on the interval abstract domain consists in comparing the limits of the intervals and setting the unstable
ones to $+\infty$ (or $-\infty$). A widening operator often makes large over-approximations because it must make
the sequence of iterates converge in finite time. The over-approximation may be reduced afterward using a
narrowing operator, but the precision of the final approximation still strongly depends on the precision of
$\nabla$. Various techniques have been proposed to improve it. Delayed widening makes use of $\nabla$ after $n$
iteration steps only (where $n$ is a user-defined integer), thus letting the first loop iterates execute before
trying to predict the limit. Another approach is to use a widening with thresholds [5]: the upper bound of
the interval (for example) is not directly set to $+\infty$, but is successively increased using a set of thresholds
that are candidates for the value of the fixpoint upper bound. In practice, these techniques are necessary to
obtain precise fixpoint approximations for industrial sized embedded programs. However, they suffer from
their lack of automation: thresholds must be chosen a priori and are defined by the user (to the best of
our knowledge, no methods exist to automatically find the best thresholds). The delay parameter $n$ is also
to be defined a priori. This makes the use of a static analyzer difficult as these (non-trivial) parameters are
often hard to find.

In this article, we present some ongoing work which shows that it is possible to use sequence transformation
techniques in order to automatically and efficiently derive an approximation of the limit of Kleene iterates.
This approximation may not be safe (i.e. may not contain the actual limit), but we show how to use it
in the theory of abstract interpretation. Sequence transformation techniques (also known as convergence
acceleration methods) are widely studied in the field of numerical analysis [5]. They transform a converging
sequence $(x_n)_{n \in \mathbb{N}}$ of real numbers into a new sequence $(y_n)_{n \in \mathbb{N}}$ which converges faster to the same limit (see
Section 3.2). In some cases (depending on the method), the acceleration is such that $(y_n)_{n \in \mathbb{N}}$ is ultimately
constant. Some recent work [7] applied these techniques in the case of sequences of vectors of real numbers:
vector sequence transformations introduce relations between elements of the vectors and perform better
than scalar ones. Our main contribution is to show that we can use these methods in order to improve the
fixpoint computation in static analysis: we define dynamic thresholds for widening that are very close to the
actual fixpoint. This increased precision is obtained because the sequence transformations use all iterates
and quantitative information (i.e. relative to the distance between elements) to predict the limit. They thus
have access to more information than the widening operator and can make better predictions. In this work,
we focus on the interval domain, but we believe that this work may be applied to any abstract domain,
especially the ones with a pre-defined shape (octagons [16], templates [17], etc.).

This article is organized as follows. In Section 2 we explain on a simple example how acceleration
methods may be used to speed up the fixpoint computation. In Section 3 we recall the theoretical basis
of this work and present our main theoretical contribution. Section 4 presents some early experiments on
various floating-point programs that show the interest of our approach, while Sections 5 and 6 discuss related
works and perspectives.

Notations. In the rest of this article, $(x_n)$ will denote a sequence of real numbers (i.e. $(x_n) \in \mathbb{R}^{\mathbb{N}}$), while
$(\vec{x}_n)$ denotes a sequence of vectors of real numbers (i.e. $(\vec{x}_n) \in (\mathbb{R}^p)^{\mathbb{N}}$ for some $p \in \mathbb{N}$). The symbol $X_n$ will
be used to denote abstract iterates, i.e. $X_n \in A$ for some abstract lattice $A$.

2 An introductive example 

In this section, we explain, using a simple example, how sequence acceleration techniques can be used in
the context of static analysis. In short, our method works as follows: let $(X_n)$ be a sequence of intervals
computed by the Kleene iteration and that is chosen to be widened (see [1] for details on how to choose the
widening points). We extract from $(X_n)$ a vector sequence $(\vec{x}_n)$: at stage $k$, $\vec{x}_k$ is a vector that contains
the infimum and supremum of each variable of the program. As Kleene iterates converge towards the least
fixpoint of the abstract transfer function, the sequence $(\vec{x}_n)$ converges towards a limit $\vec{x}$ which is the vector
containing the infimum and supremum of this fixpoint. We then compute an accelerated sequence $(\vec{y}_n)$ that
converges towards $\vec{x}$ faster than $(\vec{x}_n)$. Once this sequence has reached its limit (or is sufficiently close to it),
we use $\vec{x}$ as a threshold for a widening on $(\vec{x}_n)$ and thus obtain, in a few steps, the least fixpoint. In the
rest of this section, we detail these steps.

The program. We consider a linear program which iterates the function $F(X) = A \cdot X + B \cdot U$ where
$A$, $B$ and $U$ are constant matrices and $X$ is the vector of variables (see Figure 1). Initially, we have
x1 ∈ [1,2], x2 ∈ [1,4], x3 ∈ [1,20], u1 ∈ [1,6], u2 ∈ [1,4] and u3 ∈ [1,2]. Using an existing analyzer
working on the interval abstract domain, we showed that this program converges in 55 iterations (without
widening) and obtained the invariant [−5.1975, 8.8733] for x1 at line 2.

Extracting the sequences. From this program, we can define a vector sequence of size 6,
$\vec{x}_n = (\underline{x1}_n, \overline{x1}_n, \underline{x2}_n, \overline{x2}_n, \underline{x3}_n, \overline{x3}_n)$, which represents the evolution of the suprema and infima of the variables x1,
x2 and x3 at line 2. For example, the sequence $(\overline{x1}_n)$ is recursively defined by:

$$\overline{x1}_{n+1} = \max\left(\overline{x1}_n,\ -0.4375 \cdot \underline{x1}_n + 0.0625 \cdot \overline{x2}_n + 0.2652 \cdot \overline{x3}_n + 0.1 \cdot \overline{u1}\right). \qquad (1)$$

    while
      xn1 = -0.4375 * x1 + 0.0625 * x2 + 0.2652 * x3 + 0.1 * u1;
      xn2 = 0.0625 * x1 + 0.4375 * x2 + 0.2652 * x3 + ... * u2;
      xn3 = -0.2652 * x1 + 0.2652 * x2 + 0.375 * x3 + ... * u3;
      x1 = xn1; x2 = xn2; x3 = xn3;

Figure 1: A simple linear program.

Figure 2: Sequences extracted from the program of Figure 1 and their accelerated version.

Note that we are not interested in the formal definition of these sequences (as given by Equation (1)), but
only in their numerical values that are easily extracted from Kleene iterates. Each sequence $(\overline{x}_n)$ (resp. $(\underline{x}_n)$)
is increasing (resp. decreasing) and the sequence $(\vec{x}_n)$ converges towards a vector $\vec{x}$ containing the infimum
and supremum of the fixpoint (see Figure 2, dotted lines).

Accelerating the sequences. We then used the vector ε-algorithm to build a new sequence that converges
faster towards $\vec{x}$. This method works as follows (a more formal definition will be given in Section 3.2):
it computes a series of sequences $(\varepsilon^k_n)$ for $k = 1, 2, \ldots$ such that each sequence $(\varepsilon^k_n)$ for $k$ even converges
towards $s$ and the diagonal $(d_n) =$ (eff) also converges towards $s$. This diagonal sequence is the result of
the ε-algorithm and is called the accelerated sequence. It converges faster than the original sequence: in only
8 iterates, it reached the fixpoint and stayed constant (see Figure 2, bold lines).

Using the accelerated sequence. When the accelerated sequence reaches the limit (or is sufficiently
close to it), we modify the Kleene iteration and directly jump to the limit. Formally, if the limit is
$(\underline{x1}, \overline{x1}, \underline{x2}, \overline{x2}, \underline{x3}, \overline{x3})$ and if the current Kleene iterate is $X_p$, we construct the abstract element $X$ whose
bounds are $\underline{x1}, \overline{x1}, \ldots$ and set $X_{p+1} = X_p \sqcup X$ and re-start Kleene iteration from $X_{p+1}$. In this way, we
remain sound ($X_p \sqsubseteq X_{p+1}$) and we are very close to the fixpoint, as $X \sqsubseteq X_{p+1}$. In this example, Kleene
iteration stopped after 2 steps and reached the same fixpoint as the one obtained without widening and
acceleration. Figure 3 shows the original Kleene iteration and the modified one, for the infimum of variable
x1. Let us recall that the Kleene iteration needed 55 steps to converge, whereas the modified iteration stops
after 18 steps.

3 Theoretical frameworks 

In this section, we briefly recall the basics of abstract interpretation, with an emphasis on the widening
operator. Next we present in more detail the theory of sequence transformations. Finally, we give our main
contribution showing how sequence transformations are used in abstract interpretation theory.

Figure 3: Infimum value of x1. We only display the iterates 5 to 25. At the 15th iteration, the accelerated
value is used as a widening with thresholds, and the iteration stops after 18 steps.

3.1 Overview of the abstract interpretation theory

Abstract interpretation is a general method to compute over-approximations of program semantics where
the two key ideas are:

• Safe abstractions of sets of states thanks to Galois connections. More precisely let $(C, \sqsubseteq_C)$ be the
lattice of concrete states and let $(A, \sqsubseteq_A)$ be the lattice of abstract states. $A$ is a safe abstraction of $C$
if there exists a Galois connexion $(C, \sqsubseteq_C) \leftrightarrows (A, \sqsubseteq_A)$, i.e. there exist monotone maps $\alpha$ and $\gamma$ such
that $\forall c \in C, \forall a \in A$, $\alpha(c) \sqsubseteq_A a \Leftrightarrow c \sqsubseteq_C \gamma(a)$.

• An effective computation method of the abstract semantics with, in general, a widening operator. The
semantics of a program is defined as the smallest solution of a recursive system of semantic equations
$F$. Hence, the abstract program semantics is a set of states $X$ of a lattice $(A, \sqsubseteq_A)$ such that $X = F(X)$
where $F$ is monotone. The solution $X$ is iteratively constructed by $X_{i+1} = X_i \sqcup F(X_i)$, starting from
$X_0 = \bot$. The value $\bot$ denotes the smallest element of $A$ and the operation $\sqcup$ denotes the join operation
of $A$. The sequence $(X_n)$ defines an increasing chain of elements of $A$. This chain may be infinite, so to
enforce the convergence of this sequence, we usually substitute the operator $\sqcup$ by a widening operator
$\nabla$ (see Definition 3.1), that is an over-approximation of $\sqcup$.

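Definition 3.1 (Widening operator [8]) Let $(A, \sqsubseteq_A)$ be a lattice. The map $\nabla : A \times A \to A$ is a widening
operator iff i) $\forall v_1, v_2 \in A$, $v_1 \sqcup v_2 \sqsubseteq_A v_1 \nabla v_2$. ii) For each increasing chain $v_0 \sqsubseteq_A \cdots \sqsubseteq_A v_n \sqsubseteq_A \cdots$ of $A$,
the increasing chain defined by $s_0 = v_0$ and $s_n = s_{n-1} \nabla v_n$ is stationary: $\exists n_0, \forall n_1, n_2, (n_2 > n_1 > n_0)$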

The widening operator plays an important role in static analysis because, thanks to it, we are able to
consider infinite state spaces. As a consequence, many abstract domains are associated with a widening
operator. For example the classical widening of the interval domain is defined by:

$$[a,b] \nabla [c,d] = \left[ \begin{cases} a & \text{if } a \leq c \\ -\infty & \text{otherwise} \end{cases},\ \begin{cases} b & \text{if } b \geq d \\ +\infty & \text{otherwise} \end{cases} \right]$$

Note that we only consider two consecutive elements to extrapolate the potential fixpoint. The main drawback
with this widening is that it may generate too coarse results by going quickly to infinity. A solution to
this is to add intermediate steps among a finite set $T$; that is the idea behind the widening with thresholds
$\nabla_T$. For the interval domain, it is defined by:

$$[a,b] \nabla_T [c,d] = \left[ \begin{cases} a & \text{if } a \leq c \\ \max\{t \in T : t \leq c\} & \text{otherwise} \end{cases},\ \begin{cases} b & \text{if } b \geq d \\ \min\{t \in T : t \geq d\} & \text{otherwise} \end{cases} \right]$$

While widening with thresholds gives better results, we face the problem of defining a priori the
set $T$. Finding relevant values for $T$ is a difficult task for which, to the best of our knowledge, no automatic
solution exists.
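The two interval widenings defined above, run on the loop of the first-order Butterworth program that this article analyses in Section 4.1 (an added example, not code from the article or its analyzer). The function names, the threshold sets, the `delay` parameter and the choice to fall back to an infinite bound when no threshold qualifies are assumptions of this example; plain double arithmetic is used, without outward rounding.

```python
import math

def step(itv):
    """Abstract effect of one loop turn on x1: 0.90480*x1 + 0.95240*u, u in [1, 2]."""
    lo, hi = itv
    return (0.90480 * lo + 0.95240 * 1.0, 0.90480 * hi + 0.95240 * 2.0)

def join(p, q):
    """Least upper bound of two intervals."""
    return (min(p[0], q[0]), max(p[1], q[1]))

def widen(old, new):
    """Classical interval widening: an unstable bound jumps to infinity."""
    (a, b), (c, d) = old, new
    return (a if a <= c else -math.inf, b if b >= d else math.inf)

def widen_thresholds(old, new, thresholds):
    """Widening with thresholds: an unstable bound jumps to the nearest threshold.
    Assumption: when no threshold qualifies, the bound becomes infinite."""
    (a, b), (c, d) = old, new
    lo = a if a <= c else max((t for t in thresholds if t <= c), default=-math.inf)
    hi = b if b >= d else min((t for t in thresholds if t >= d), default=math.inf)
    return (lo, hi)

def analyze(widening=None, delay=0, max_iter=10_000):
    """Iterate X := X join step(X) from x1 = [0, 0]; after `delay` plain steps,
    apply `widening(previous, next)`. Returns (invariant, number of iterations)."""
    x = (0.0, 0.0)
    for i in range(1, max_iter + 1):
        nxt = join(x, step(x))
        if widening is not None and i > delay:
            nxt = widening(x, nxt)
        if nxt == x:                      # no growth: post-fixpoint reached
            return x, i
        x = nxt
    raise RuntimeError("no fixpoint within max_iter iterations")

if __name__ == "__main__":
    print("Kleene only        :", analyze())
    print("widening           :", analyze(widen))
    print("delayed widening   :", analyze(widen, delay=50))
    print("T = {10, 25, 100}  :",
          analyze(lambda o, n: widen_thresholds(o, n, (10.0, 25.0, 100.0))))
    # A threshold just above the fixpoint gives an almost exact invariant in two
    # steps, which is what a dynamically computed threshold is meant to achieve.
    print("T = {20.0085}      :",
          analyze(lambda o, n: widen_thresholds(o, n, (20.0085,))))
```

The first run needs several hundred iterations in double precision, while every widened run stops within a few steps of the first widening; only the well-chosen threshold keeps the bound close to 20.0084.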



3.2 Acceleration of convergence 

We give an overview of the techniques of acceleration of convergence in numerical analysis [5]. The goal of
convergence acceleration techniques, also named sequence transformations, is to increase the rate of convergence
of a sequence. Formally, let $(D, d)$ be a metric space, i.e. a set $D$ with a distance $d : D \times D \to \mathbb{R}^+$ ($D$ will
be $\mathbb{R}$ or $\mathbb{R}^p$ for some $p \in \mathbb{N}$). The set of sequences over $D$ (denoted $D^{\mathbb{N}}$) is the set of functions between $\mathbb{N}$
and $D$. A sequence $(x_n) \in D^{\mathbb{N}}$ converges to $\ell$ iff we have $\lim_{n \to \infty} d(x_n, \ell) = 0$. A sequence transformation
is a function $T$ : ($T$ designates a particular acceleration method) such that whenever $(x_n)$ converges
to $\ell$ then $(y_n) = T(x_n)$ also converges to $\ell$ and $\lim_{n \to \infty}$ = 0. This means that $(y_n)$ is asymptotically
closer to $\ell$ than $(x_n)$. An important notion for a sequence transformation $T$ is its kernel $K_T$ which is the set
of sequences $(x_n)$ for which $T(x_n)$ is ultimately constant. We now present some acceleration methods that
we used in our experimentation. For more details, we refer to [5].

The Aitken $\Delta^2$-method. It is probably the most famous sequence transformation. Given a sequence
$(x_n) \in \mathbb{R}^{\mathbb{N}}$, the accelerated sequence $(y_n)$ is defined by: $\forall n \in \mathbb{N},\ y_n = x_n -$ . It should be
noted that in order to compute $y_n$ for some $n \in \mathbb{N}$, three values of $(x_n)$ are required: $x_n$, $x_{n+1}$ and $x_{n+2}$.
The kernel $K_{\Delta^2}$ of this method is the set of all sequences of the form $x_n = s + a \lambda^n$ where $s$, $a$ and $\lambda$ are real
constants such that $a \neq 0$ and $\lambda \neq 1$ (see [B]). The Aitken $\Delta^2$-method is an efficient method for accelerating
sequences, but it highly suffers from numerical instability when $x_n$, $x_{n+1}$ and $x_{n+2}$ are close to each other.

The ε-algorithm. It is often cited as the best general purpose sequence transformation for slowly converging
sequences. From a converging sequence $(x_n) \in \mathbb{R}^{\mathbb{N}}$ with limit $\ell$, the ε-algorithm builds the following
sequences:

$$(\varepsilon^{-1}_n) : \forall n \in \mathbb{N},\ \varepsilon^{-1}_n = 0, \qquad (2)$$
$$(\varepsilon^{0}_n) : \forall n \in \mathbb{N},\ \varepsilon^{0}_n = x_n, \qquad (3)$$
$$(\varepsilon^{k}_n) : \forall k \geq 1, n \in \mathbb{N},\ \varepsilon^{k}_n = \varepsilon^{k-2}_{n+1} + \left(\varepsilon^{k-1}_{n+1} - \varepsilon^{k-1}_{n}\right)^{-1} \qquad (4)$$

The sequence $(\varepsilon^k_n)$ is called the $k$-th column, and its construction can be graphically represented as on
Figure 4. The even columns $(\varepsilon^{2k}_n)$ (in gray on Figure 4) converge faster to $\ell$. The even diagonals $(\varepsilon^{2k}_n)_{k \in \mathbb{N}}$
also converge faster to $\ell$. In particular, the first diagonal (circled on Figure 4) converges very quickly to $\ell$,
and it is the accelerated sequence. Let us remark that in order to compute the $n$-th element of that sequence,
$2n$ elements of $(x_n)$ are required.



Acceleration of vector sequences. Many acceleration methods were designed to handle scalar sequences
of real numbers. For almost each of these methods, extensions have been proposed to handle vector sequences
(see [M] for a review of them). The simplest, yet one of the most powerful, of these methods is the vector
ε-algorithm (VEA). Given a vector sequence $(\vec{x}_n)$, the VEA computes a series of vector sequences $(\vec{\varepsilon}^{\,k}_n)$ using
Equations (2)-(4) where the arithmetic operations $+$ and $-$ are computed component-wise and the inverse
of a vector $\vec{v}$ is computed as $\vec{v}^{-1} = \vec{v} / (\vec{v} \cdot \vec{v})$, with $/$ being the component-wise division and $\cdot$ the scalar
product. The VEA differs from a component-wise application of the (scalar) ε-algorithm as it introduces
relations between the components of the vector: the scalar product $\vec{v} \cdot \vec{v}$ computes a global information on
the vector $\vec{v}$ which is propagated to all components. Our experiments show that this algorithm works better
than a component-wise application of the ε-algorithm. The kernel of the VEA contains all sequences of
the form $\vec{x}_{n+1} = A \vec{x}_n + B$, where $A$ is a constant matrix and $B$ a constant vector [7].

3.3 Our contribution 

In this section, we combine acceleration methods with the abstract fixpoint computation. Our goal is to be 
as non-intrusive as possible in the classical iterative scheme. In this way, our method can be implemented 
with minor adaptations in current static analyzers. 

Methodology. As seen in Section 3.1, the Kleene iteration for finding the least fixpoint computes with
abstract values from some abstract lattice $A$. In order to use acceleration techniques on the abstract iterates,
we need to extract from the abstract elements $X_n \in A$ a vector of real numbers. Thus, we obtain a sequence
of real vectors that we can accelerate, and we quickly reach its limit. We then construct an abstract element
$X$ that corresponds to this limit and use it as a candidate for the least fixpoint. This process of transforming
an abstract value into a real vector and back is formalized by the notion of extraction and combination
functions that are given in Definition 3.2.

Definition 3.2 (Extraction and combination.) Let $(A, \sqsubseteq_A)$ be an abstract domain, and let $p \in \mathbb{N}$. The
functions $\Lambda_A : A \to \mathbb{R}^p$ and $\Gamma_A : \mathbb{R}^p \to A$ are called extraction and combination function, respectively,
iff for each sequence $(X_n) \in A^{\mathbb{N}}$ that order theoretically converges, i.e. $\bigsqcup_{n \in \mathbb{N}} X_n = X$ for some $X \in A$,
then the sequence $\Lambda_A(X_n) \in (\mathbb{R}^p)^{\mathbb{N}}$ converges for the usual metric on $\mathbb{R}^p$, i.e. $\lim_{n \to \infty} \Lambda_A(X_n) = S$, and
$X \sqsubseteq_A \Gamma_A(S)$.

Intuitively, these functions transpose the convergence of the sequence of iterates into the theory of real
sequences, in such a way that the real sequence does not lose any information. Note that the order on $\mathbb{R}^p$
induced by the usual metric is unrelated with the order on $A$, so the notion of extraction and combination
is different from the notion of Galois connection used to compare abstract domains. For the interval domain
$I = \mathbb{I}^v$, where $v$ is the number of variables of the program and $\mathbb{I}$ is the set of floating-point intervals, the
extraction and the combination functions are defined in Equation (0).

For other domains, these functions must be designed specifically. For example, we believe that such
functions can be easily defined for the octagon abstract domain [16]: the function $\Lambda$ associates with a
difference bound matrix a vector containing all its coefficients. Special care should be taken in the case of
infinite coefficients. More generally, we believe that for domains with a pre-defined shape, the functions
$\Lambda$ and $\Gamma$ can be easily defined. Note that if there is a Galois connection $(\alpha_I, \gamma_I)$ between a domain $A$
and the interval domain $I$, the extraction and combination functions can be defined as $\Lambda_A = \Lambda_I \circ \alpha_I$ and
$\Gamma_A = \gamma_I \circ \Gamma_I$. We use this method in the last experiment in Section 4.2.

Figure 4: The ε-table. Arrows depict dependencies: the element at the beginning of the arrow is required
to compute the element at the end.



Accelerated abstract fixpoint computation. We describe the insertion of acceleration methods in the
Kleene iteration process in Algorithm 1. We compute in parallel the sequence $(X_n)$ coming from the Kleene
iteration and the accelerated sequence $(y_n)$ computed by an acceleration method. Once the sequence $(y_n)$
seems to converge, that is, the distance between two consecutive elements of $(y_n)$ is smaller than a given
value $\delta$, we combine the two sequences: we compute the upper bound of the two elements of the
current iteration. Note that the monotonicity of the computed sequence $(X_n)$ is still guaranteed.



Algorithm 1 Accelerated abstract fixpoint computation

    repeat
        $X_i := X_{i-1} \sqcup F(X_{i-1})$
        $y_i := \mathrm{Accelerate}(\Lambda_A(X_0), \ldots, \Lambda_A(X_i))$
        if $\|y_i - y_{i-1}\| < \delta$ then
            $X_i := X_i \sqcup \Gamma_A(y_i)$
        end if
    until $X_i \sqsubseteq X_{i-1}$



The use of acceleration methods may be seen as an automatic delayed application of the widening with
thresholds. Let us remark that we are not guaranteed to terminate in finitely many iterations: we know
that asymptotically, the sequence $y_i$ from Algorithm 1 gets closer and closer to the fixpoint, but we are not
guaranteed that it reaches it. To guarantee termination of the fixpoint computation, we have to use more
"radical" widening thresholds, for example after $n$ applications of the accelerated method. So this method
cannot be a substitute for widening, but it improves it by reducing the number of parameters (delay and
thresholds) that a user must define.
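An added Python example (not the authors' OCaml library or analyzer) that implements the vector ε-algorithm of Section 3.2 and the loop of Algorithm 1 on the interval domain, applied to the first-order Butterworth program of Section 4.1. Assumptions of this example: all function names, tracking only x1 and y at the loop head, the stationarity test on even columns, restarting the extracted sequence after a re-injection, and plain double arithmetic without outward rounding.

```python
import math

def F(state):
    """Interval transfer function of the loop body for (x1, y); u ranges over [1, 2]."""
    (lo, hi), _ = state
    return ((0.90480 * lo + 0.95240 * 1.0, 0.90480 * hi + 0.95240 * 2.0),
            (0.09524 * lo + 0.04762 * 1.0, 0.09524 * hi + 0.04762 * 2.0))

def join(s, t):
    """Least upper bound of two interval states."""
    return tuple((min(a, c), max(b, d)) for (a, b), (c, d) in zip(s, t))

def extract(state):
    """Extraction function: interval state -> vector (inf, sup, inf, sup, ...)."""
    return [bound for itv in state for bound in itv]

def combine(vec):
    """Combination function: vector of bounds -> interval state."""
    return tuple((vec[i], vec[i + 1]) for i in range(0, len(vec), 2))

def add(u, v):
    return [a + b for a, b in zip(u, v)]

def sub(u, v):
    return [a - b for a, b in zip(u, v)]

def norm(v):
    return math.sqrt(sum(a * a for a in v))

def inverse(v):
    """Vector inverse used by the VEA: v / (v . v)."""
    dot = sum(a * a for a in v)
    if dot == 0.0:
        raise ZeroDivisionError("epsilon-table breakdown")
    return [a / dot for a in v]

def accelerate(seq, tol=1e-9):
    """Vector epsilon-algorithm on seq = [x_0, ..., x_m].

    Columns follow eps^k_n = eps^(k-2)_(n+1) + inverse(eps^(k-1)_(n+1) - eps^(k-1)_n).
    Returns the newest entry of the highest even column that can be trusted.
    """
    odd = [[0.0] * len(seq[0]) for _ in range(len(seq) + 1)]   # column eps^-1 = 0
    even = [list(v) for v in seq]                                # column eps^0 = x_n
    while True:
        best = even[-1]
        if len(even) >= 2 and norm(sub(best, even[-2])) <= tol * (1.0 + norm(best)):
            return best      # column is stationary: stop before dividing by rounding noise
        if len(even) < 3:
            return best      # too few entries to build the next even column
        try:
            new_odd = [add(odd[n + 1], inverse(sub(even[n + 1], even[n])))
                       for n in range(len(even) - 1)]
            new_even = [add(even[n + 1], inverse(sub(new_odd[n + 1], new_odd[n])))
                        for n in range(len(new_odd) - 1)]
        except ZeroDivisionError:
            return best      # singular step: keep the last usable value
        odd, even = new_odd, new_even

def analyze(delta=None, max_iter=10_000):
    """Kleene iteration at the loop head; with delta set, the re-injection of Algorithm 1.
    Returns (invariant for (x1, y), number of iterations)."""
    state = ((0.0, 0.0), (0.0, 0.0))                 # x1 = 0; y = 0 before the loop
    history, y_prev = [extract(state)], None
    for i in range(1, max_iter + 1):
        new = join(state, F(state))                  # X_i := X_(i-1) join F(X_(i-1))
        if delta is not None:
            history.append(extract(new))
            y = accelerate(history)                  # y_i := Accelerate(...)
            if y_prev is not None and norm(sub(y, y_prev)) < delta:
                new = join(new, combine(y))          # X_i := X_i join Gamma(y_i)
                history, y = [extract(new)], None    # assumption: restart after the jump
            y_prev = y
        if new == state:                             # X_i below X_(i-1): stable
            return state, i
        state = new
    raise RuntimeError("no fixpoint within max_iter iterations")

if __name__ == "__main__":
    plain, n_plain = analyze()
    fast, n_fast = analyze(delta=1e-6)
    print("Kleene only :", plain, "after", n_plain, "iterations")
    print("Algorithm 1 :", fast, "after", n_fast, "iterations")
```

Iteration counts depend on the arithmetic used, so they are not expected to match the figures reported for the analyzer in Section 4; the re-injected element is joined with the current iterate, so the result is always checked by a further application of `F` before the loop stops.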

4 Experimentation 

To illustrate our acceleration methods, we used a simple static analyzer¹ working on the interval abstract
domain that handles C programs without pointers and associated it with our OCaml library of acceleration
methods that transform an input sequence (given as a sequence of values) into its accelerated version. The
obtained results are presented in the following sections.

¹ This analyzer is based on Newspeak, http://penjili.org/newspeak.html; the authors especially thank
Sarah Zennou for her technical help.

4.1 Butterworth order 1

To test the acceleration method, we use a first-order Butterworth filter (see Figure 5, left). This filter is
designed to have a frequency response which is as flat as mathematically possible in the band-pass and is
often used in embedded systems to treat the input signals for a better stability of the program.

The static analysis of this program using the interval abstract domain defines 10 sequences, two for each
variable (x1, xn1, y, u, i). These sequences converge toward the smallest fixpoint after a lot of iterations;
our acceleration methods make it possible to obtain the same fixpoint faster. In this example, we accelerate just the
upper bound sequences because the lower ones are constant for all the variables. We next present the results
obtained with different methods on the variable x1 only; results obtained with other variables are very alike.

    x1 = 0; y = 0; xn1 = 1;
    for (i=0; i<200; i++) {
      /* !npk u between 1 and 2 */
      xn1 = 0.90480*x1 + 0.95240*u;
      y = 0.09524*x1 + 0.04762*u;
      x1 = xn1;
    }

Figure 5: The Butterworth program (left) and the sequence of supremum of variable x1 (right).

Figure 6: Accelerated sequences (in bold) compared with the original Kleene sequence (dotted). Left is the
sequence obtained with Aitken (zooming on the numerical problems), right with the ε-algorithm (zooming
on the first iterates).

The Aitken $\Delta^2$-method. In Figure 5, right, with Kleene iteration and without widening, this program converges
in 156 iterations, and we get the invariant [0, 20.0084] for x1. With the Aitken $\Delta^2$-method, we obtain
in only 3 iterations a value very close to 20.0084, but problems of numerical instability prevent the stabilization
of the program. However the values of the accelerated sequence stay in the interval [20.0082, 20.0086]
between the third and the last iteration (see Figure 6, left), which is a good estimate of the convergent point.

The ε-algorithm. In Figure 6, right, we notice an important improvement in the computation of the fixpoint,
thanks to the ε-algorithm. With this method, the fixpoint of the variable x1 is approximated with a precision
of 10~^ after exactly 8 iterations, while Kleene iteration needed 156 steps. Remark that to obtain 8 elements
of the accelerated sequence we need 16 elements from the initial one. We obtain the same results with the
vector ε-algorithm.

4.2 Butterworth order 2 

An order 2 Butterworth filter is given by the following recurrence equation, where $\vec{x}_n$ is a two-dimensional
vector, $\vec{x}_n = (x_1, x_2)^T$:

$$\vec{x}_{n+1} = \begin{pmatrix} 0.9858 & -0.009929 \\ 0.00929 & 1 \end{pmatrix} \vec{x}_n + \begin{pmatrix} 0.9929 \\ 0.004965 \end{pmatrix} u_n, \qquad y_{n+1} = \begin{pmatrix} 4.965\text{e-5} \\ 0.01 \end{pmatrix}^{T} \vec{x}_n + 2.482\text{e-5} \cdot u_n$$

On this program, the results obtained using the interval abstract domain are not stable. To address
this problem we have used Fluctuat [13], a static analyzer using a specific abstract domain based on affine
arithmetic, a more accurate extension of interval arithmetic. It returns the upper and lower bounds of each
variable. We applied the vector ε-algorithm on this example with 3 different values of $\delta$ (see Algorithm 1):
this gives Figure 7. For example, for the variable $x_1$ and $\delta$ = 10~^, the over-approximation of the fixpoint is
reached after 26 iterations (6 iterations before re-injection and 20 iterations after). Note that we obtain the
same fixpoint as with Kleene iteration. We notice that the performance of Algorithm 1 does not strongly
depend on $\delta$. Until now, we use the acceleration just once (unlike in Algorithm 1); a full implementation of
it will probably reduce the number of iterations even more.



5 Related work 

Most of the work in abstract interpretation based static analysis concerned the definition of new abstract
domains (or improvements of existing ones), and the abstract fixpoint computation remained less studied.
Initial work from Cousot and Cousot [9] discussed various methods to define widening operators. Bourdoncle
0] presented different iteration strategies that help reduce the over-approximation introduced by
widening. These methods are complementary to our technique: as explained in Section 3.3, acceleration
should be done at the same control point as the one chosen for widening, and does not replace standard
widening as the termination of the fixpoint computation is not guaranteed. However, acceleration methods
greatly improve widening by dynamically and automatically finding good thresholds.

Gopan and Reps in their guided static analysis framework [11], [12] also used the idea of computing in
parallel the main iterates and a guide that shows where the iterates are going. In their work, the precision
of the fixpoint computation is increased by computing a pilot value that explores the state space using a
restricted version of the iteration function. Once this pilot has stabilized, it is used to accelerate the main
iterates; in a sense, this pilot value is very similar to the value $y_i$ of Algorithm 1, but we do not modify the
iteration function as done in [12].

Maybe the work that is the closest to ours is the use of acceleration techniques in model checking [T],
that have recently been applied to abstract interpretation [10] [15]. In this framework, the term acceleration
is used to describe techniques that try to predict the effect of a loop on an abstract state: the whole loop is
then replaced with just one transition that safely and precisely approximates it. These techniques perform
very well for sufficiently simple loops working on integer variables, and give exact results for such cases.
Again, this method is complementary to our usage of acceleration: it statically modifies the iteration function
by replacing simple loops with just one transition, while our method dynamically predicts the limit of the
iterates. We believe that our method is more general, as it can be applied to many kinds of loops and is not
restricted to a specific abstract domain (changing the abstract domain only requires changing the $\Lambda_A$ and
$\Gamma_A$ functions).

Figure 7: Numbers of iterations needed to reach an invariant.

6 Conclusion



In this article, we presented a technique to accelerate abstract fixpoint computations using numerical
acceleration methods. This technique consists in building numerical sequences by extracting, at every iteration,
the supremum and infimum of every variable of the program. We apply to the obtained sequences
various convergence acceleration methods, which allows us to get significantly closer to the fixpoint, or to reach it,
more quickly than the Kleene iteration. To make sure that the fixpoint returned by the accelerated method
is indeed the fixpoint of the abstract semantics, we re-inject it in the static analyzer. This guarantees a
fast stop of the analyzer with a good over-approximation of the fixpoint. The experiments made on a certain
number of examples (linear programs) show a good acceleration of the fixpoint computation, especially when
we use the ε-algorithm, where the number of iterations is divided by four. Let us note that we have assumed
in this article that the sequences of iterates and the corresponding vector sequences converge towards a finite
limit. In case of diverging sequences, traditional widening can be used, as sequence transformation will not
perform as well as for converging ones.

For now, we made the experimentation using two separate programs: one that computes the Kleene
iterates, and one that accelerates the sequences. Algorithm 1 is thus still not fully implemented; its
automation is the object of our current work. The use of the interval abstract domain covers just
a small set of programs; our future work will also consist in extending this technique to relational domains
such as octagons and polyhedra.